From a773ec8150e89035ffd845c5cf051ee8b5fdfc8b Mon Sep 17 00:00:00 2001
From: braginini
Date: Sun, 16 May 2021 18:05:08 +0200
Subject: [PATCH] feat: add interface black list to avoid undesired interfaces
---
 cmd/config.go | 7 ++++---
 cmd/up.go | 6 +++++-
 connection/connection.go | 11 ++++++++++-
 connection/engine.go | 31 ++++++++++++++++++-------------
 4 files changed, 37 insertions(+), 18 deletions(-)
diff --git a/cmd/config.go b/cmd/config.go
index ad7640afe..f7b07b189 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -14,9 +14,10 @@ type Config struct {
 	Peers []connection.Peer
 	StunTurnURLs []*ice.URL
 	// host:port of the signal server
-	SignalAddr string
-	WgAddr string
-	WgIface string
+	SignalAddr string
+	WgAddr string
+	WgIface string
+	IFaceBlackList []string
 }
 //Write writes configPath to a file
diff --git a/cmd/up.go b/cmd/up.go
index df8466ac8..8f8d1bc28 100644
--- a/cmd/up.go
+++ b/cmd/up.go
@@ -38,7 +38,11 @@ var (
 			//todo proper close handling
 			defer func() { signalClient.Close() }()
-			engine := connection.NewEngine(signalClient, config.StunTurnURLs, config.WgIface, config.WgAddr)
+			iFaceBlackList := make(map[string]struct{})
+			for i := 0; i < len(config.IFaceBlackList); i += 2 {
+				iFaceBlackList[config.IFaceBlackList[i]] = struct{}{}
+			}
+			engine := connection.NewEngine(signalClient, config.StunTurnURLs, config.WgIface, config.WgAddr, iFaceBlackList)
 			err = engine.Start(myKey, config.Peers)
diff --git a/connection/connection.go b/connection/connection.go
index 13fdf932d..fe157a235 100644
--- a/connection/connection.go
+++ b/connection/connection.go
@@ -29,6 +29,8 @@ type ConnConfig struct {
 	RemoteWgKey wgtypes.Key
 	StunTurnURLS []*ice.URL
+
+	iFaceBlackList map[string]struct{}
 }
 type IceCredentials struct {
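Review bot: The loop that builds the blacklist set in cmd/up.go, `for i := 0; i < len(config.IFaceBlackList); i += 2 {`, advances by two and so silently skips every second configured name, which means half of the interfaces the operator meant to exclude are still offered to ICE candidate gathering. Nothing in the config.go hunk suggests the field is a list of pairs — it is a plain `[]string` — so every entry should be added: `for _, name := range config.IFaceBlackList { iFaceBlackList[name] = struct{}{} }`. If the list is meant to hold pairs, a comment on the IFaceBlackList field in config.go should say so. The enclosing command body starts and ends outside the hunk.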
@@ -88,6 +90,13 @@ func (conn *Connection) Open(timeout time.Duration) error {
 	a, err := ice.NewAgent(&ice.AgentConfig{
 		NetworkTypes: []ice.NetworkType{ice.NetworkTypeUDP4},
 		Urls: conn.Config.StunTurnURLS,
+		InterfaceFilter: func(s string) bool {
+			if conn.Config.iFaceBlackList == nil {
+				return true
+			}
+			_, ok := conn.Config.iFaceBlackList[s]
+			return !ok
+		},
 	})
 	conn.agent = a
@@ -280,7 +289,7 @@ func (conn *Connection) listenOnConnectionStateChanges() error {
 				log.Errorf("failed selecting active ICE candidate pair %s", err)
 				return
 			}
-			log.Debugf("closed to peer %s via selected candidate pair %s", conn.Config.RemoteWgKey.String(), pair)
+			log.Infof("will connect to peer %s via a selected connnection candidate pair %s", conn.Config.RemoteWgKey.String(), pair)
 		} else if state == ice.ConnectionStateDisconnected || state == ice.ConnectionStateFailed {
 			// todo do we really wanna have a connection restart within connection itself? Think of moving it outside
 			err := conn.Close()
diff --git a/connection/engine.go b/connection/engine.go
index 5399c9b21..56b9fd4f3 100644
--- a/connection/engine.go
+++ b/connection/engine.go
@@ -23,6 +23,8 @@ type Engine struct {
 	wgIface string
 	// Wireguard local address
 	wgIp string
+
+	iFaceBlackList map[string]struct{}
 }
 type Peer struct {
@@ -30,13 +32,15 @@ type Peer struct {
 	WgAllowedIps string
 }
-func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string) *Engine {
+func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string,
+	iFaceBlackList map[string]struct{}) *Engine {
 	return &Engine{
-		stunsTurns: stunsTurns,
-		signal: signal,
-		wgIface: wgIface,
-		wgIp: wgAddr,
-		conns: map[string]*Connection{},
+		stunsTurns: stunsTurns,
+		signal: signal,
+		wgIface: wgIface,
+		wgIp: wgAddr,
+		conns: map[string]*Connection{},
+		iFaceBlackList: iFaceBlackList,
 	}
 }
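Review bot: The `conn.Config.iFaceBlackList == nil` guard in the new InterfaceFilter is redundant — indexing a nil map in Go yields the zero value, so `_, blocked := conn.Config.iFaceBlackList[s]; return !blocked` covers both the nil and the populated case. More importantly, the filter only excludes names the operator listed; the engine's own WireGuard interface (conn.Config.WgIface is already on ConnConfig) is presumably not excluded by default, so candidates gathered on the tunnel interface itself may still be offered unless every deployment remembers to blacklist it. Consider `if s == conn.Config.WgIface { return false }` ahead of the map lookup, or a comment on the field stating that callers are expected to include it. Open's body continues outside the hunk.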
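Review bot: The new log message on the `log.Infof` line misspells "connection" as "connnection"; change it to `log.Infof("will connect to peer %s via a selected connection candidate pair %s", conn.Config.RemoteWgKey.String(), pair)`. The line also moves from Debug to Info, which is a visible behaviour change not mentioned in the commit message; if it is intentional, a word in the description would help. listenOnConnectionStateChanges starts and ends outside the hunk.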
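Review bot: The new `iFaceBlackList` field is the only Engine field without a doc comment, while the surrounding fields each carry one (`// Wireguard local address` above wgIp); add `// names of network interfaces excluded from ICE candidate gathering; nil means no filtering` above it. The nil semantics are established by the InterfaceFilter in connection.go returning true when the map is nil. The same gap applies to the unexported field added to ConnConfig in connection.go and to the new `iFaceBlackList` parameter of NewEngine in the next hunk, which has no doc comment either.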
@@ -101,13 +105,14 @@ func (e *Engine) openPeerConnection(wgPort int, myKey wgtypes.Key, peer Peer) (*
 	remoteKey, _ := wgtypes.ParseKey(peer.WgPubKey)
 	connConfig := &ConnConfig{
-		WgListenAddr: fmt.Sprintf("127.0.0.1:%d", wgPort),
-		WgPeerIp: e.wgIp,
-		WgIface: e.wgIface,
-		WgAllowedIPs: peer.WgAllowedIps,
-		WgKey: myKey,
-		RemoteWgKey: remoteKey,
-		StunTurnURLS: e.stunsTurns,
+		WgListenAddr: fmt.Sprintf("127.0.0.1:%d", wgPort),
+		WgPeerIp: e.wgIp,
+		WgIface: e.wgIface,
+		WgAllowedIPs: peer.WgAllowedIps,
+		WgKey: myKey,
+		RemoteWgKey: remoteKey,
+		StunTurnURLS: e.stunsTurns,
+		iFaceBlackList: e.iFaceBlackList,
 	}
 	signalOffer := func(uFrag string, pwd string) error {